Hackers targeting IoT - Internet of Things

Technological evolution has already started to unveil itself in all its glory. From Wi-Fi routers and webcams to cars and smart thermostats, it seems that everything is connected. This interconnectedness is known as the Internet of Everything or the Internet of Things, and it is drawing the attention of the big names in the technology industry, from Apple to Samsung. But while we wait for complete interconnectedness to take over our lives, let us look at some of the dangers that the Internet of Things can bring with it in the future.

Security breaches found in the Internet of Things

The main problem with connecting everything so that it is accessible online is that every internet-enabled device becomes vulnerable to a plethora of different cyber attacks. Though as real as it gets, these cyber attacks are something that most people overlook, as they do not expect their cars, fridges or baby monitors to get hacked. This is why the FBI, the US Department of Transportation and NHTSA have conducted an experiment in which two hackers managed to hack a Jeep Cherokee while it was traveling at 70 miles per hour, turning its steering wheel and “pushing” the brakes. And everything was done remotely at that. The experiment was done in the spirit of awakening not only the public but also the manufacturers, highlighting the potential problems and possible security shortcomings of Internet of Things engineering.

To avoid all the possible future problems, including cars being held for ransom, it is crucial to have advanced technologies, such as secure boot, so that the vehicle’s integrity stays intact.

On the other hand, the Internet of Things can enable hackers to use connected devices, such as webcams, to hack whole organizations and compromise their entire systems. One example of such a wide-scale attack hit OVH, a hosting provider in France, last year, when about 150,000 customers' IoT devices were hacked and used to launch a DDoS attack that flooded the company with 1 Tbps of traffic, in the process causing total chaos for OVH users all over the world.

What this Mirai attack clearly shows is that no device is unhackable, and as the Internet of Things expands more and more, its security problems will reach new heights.

Nick Shaw, a general manager and vice president of Norton Company, sees one of the solutions to the Internet of Things security problem, or at least the beginning of one, in the default device passwords that many device users simply do not change. This carelessness, so to say, comes from the fact that many people are not even aware that their devices, such as fitness trackers and refrigerators, are at risk of being hacked just as their laptops and PCs are. Hence, they don’t take the necessary steps to protect them as they usually do with their smartphones or personal computers.

Beyond changing the default password, Shaw points out that device owners can, if not fully protect their devices, at least make them that much harder to hack by modifying privacy settings, disabling services that are not used, and keeping firmware regularly updated.

On the other hand, there are a number of people, one group in particular (Exploitee.rs), who advocate for the implementation of better security measures by the manufacturers themselves. Exploitee.rs researchers have found a way to physically hack any device that uses eMMC flash memory. All they needed was the flash memory chip, a card reader and some wire. By soldering 5 wires to the flash memory chip (ground, command line, power line, data line and clock line), they were able to hook the flash up to the SD card reader, which in turn allowed them to plug it into a computer, just as they normally would. From there, they managed to research software vulnerabilities and finally take control of the whole device. The point of this hack was to highlight once again the range of different devices (cell phones, tablets, TV sets, fridges etc.) that use flash memory and are so easily hacked, but are still released by the manufacturers. They also wanted to point out that nothing is lost, even after physical access to the hardware occurs, which seems to be a general opinion amongst the manufacturers.

Even though physical access is not an easy attack to defend against, it gives manufacturers a good reason to start thinking about incorporating different strategies, from locking down flash memory and making the chip that much harder to physically access all the way to completely encrypting the software on the chips.

It seems that the Internet of Everything has attracted many customers and clients to incorporate it into their everyday lives, but at what cost, we are yet to see.